CSRF check on ajax/extract, why not?

Question

CSRF check on ajax/extract, why not?

Opened this issue 2 years ago · 0 comments

I'm just briefly reviewing your app as I loosely plan on-the-fly archive extraction for my app https://github.com/rotdrop/nextcloud-app-pdf-downloader. So just out of curiosity: why are you disabling the CSRF check for the extract route? Thx, Claus